GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
36 advisories
Filter by severity
CometVisu Backend for openHAB affected by SSRF/XSS
High
CVE-2024-42467
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
WildFly Elytron: SSRF security issue
High
CVE-2024-1233
was published
for
org.wildfly.security:wildfly-elytron-realm-token
(Maven)
Apr 9, 2024
XXL-JOB vulnerable to Server-Side Request Forgery
High
CVE-2024-24113
was published
for
com.xuxueli:xxl-job
(Maven)
Feb 8, 2024
Apache Axis Improper Input Validation vulnerability
High
CVE-2023-51441
was published
for
axis:axis
(Maven)
Jan 6, 2024
WPS Server Side Request Forgery vulnerability
High
CVE-2023-43795
was published
for
org.geoserver.extension:gs-wps-core
(Maven)
Oct 24, 2023
Presto JDBC Server-Side Request Forgery by nextUri
High
GHSA-86q5-qcjc-7pv4
was published
for
com.facebook.presto:presto-jdbc
(Maven)
Oct 3, 2023
Presto JDBC Server-Side Request Forgery by redirect
High
GHSA-xm7x-f3w2-4hjm
was published
for
com.facebook.presto:presto-jdbc
(Maven)
Oct 3, 2023
SSRF vulnerability in Jenkins Bitbucket Push and Pull Request Plugin allows capturing credentials
High
CVE-2023-41937
was published
for
io.jenkins.plugins:bitbucket-push-and-pull-request
(Maven)
Sep 6, 2023
Apache XML Graphics Batik Server-Side Request Forgery vulnerability
High
CVE-2022-44729
was published
for
org.apache.xmlgraphics:batik-bridge
(Maven)
Aug 22, 2023
PlantUML Server-Side Request Forgery vulnerability
High
CVE-2023-3432
was published
for
net.sourceforge.plantuml:plantuml
(Maven)
Jun 27, 2023
XXL-JOB vulnerable to Server-Side Request Forgery (SSRF)
High
CVE-2022-43183
was published
for
com.xuxueli:xxl-job-core
(Maven)
Nov 17, 2022
Untrusted code execution in Apache XML Graphics Batik
High
CVE-2022-42890
was published
for
org.apache.xmlgraphics:batik
(Maven)
Oct 25, 2022
Apache XML Graphics Batik vulnerable to code execution via SVG.
High
CVE-2022-41704
was published
for
org.apache.xmlgraphics:batik
(Maven)
Oct 25, 2022
Apache Batik vulnerable to Server-Side Request Forgery
High
CVE-2022-40146
was published
for
org.apache.xmlgraphics:batik
(Maven)
Sep 23, 2022
4thline cling uPnP protocol issue can lead to denial of service
High
CVE-2020-23622
was published
for
org.fourthline.cling:cling-core
(Maven)
Aug 16, 2022
Server-Side Request Forgery in Jodd HTTP
High
CVE-2022-29631
was published
for
org.jodd:jodd-http
(Maven)
Jun 7, 2022
GeoServer allows SSRF via the option for setting a proxy host
High
CVE-2021-40822
was published
for
org.geoserver:gs-main
(Maven)
May 3, 2022
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
High
CVE-2022-27201
was published
for
org.jenkins-ci.plugins:semantic-versioning-plugin
(Maven)
Mar 16, 2022
Server-side request forgery (SSRF) in Apache Batik
High
CVE-2019-17566
was published
for
org.apache.xmlgraphics:batik
(Maven)
Feb 9, 2022
Server-side request forgery (SSRF) in Apache XmlGraphics Commons
High
CVE-2020-11988
was published
for
org.apache.xmlgraphics:xmlgraphics-commons
(Maven)
Feb 9, 2022
Server-side request forgery (SSRF) in Apache Batik
High
CVE-2020-11987
was published
for
org.apache.xmlgraphics:batik-svgbrowser
(Maven)
Jan 6, 2022
Response Splitting from unsanitized headers
High
CVE-2021-41084
was published
for
org.http4s:http4s-client
(Maven)
Sep 22, 2021
Server-Side Request Forgery in UReport
High
CVE-2020-21122
was published
for
com.bstek.ureport:ureport2-console
(Maven)
Sep 20, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39150
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39152
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API